[
https://issues.apache.org/jira/browse/ROL-2100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Johnson updated ROL-2100:
-------------------------------
Description:
Roller included a feature to force HTTPS to be used for login pages and HTTP
for all other pages. This feature is removed in Roller 5.2.3. The best practice
is to run everything on HTTPS and if you want something different, implement
somewhere else, e.g. load balancer.
Original text:
The two Roller configuration properties mentioned in the summary no longer work
in Roller. Apparently they were broken when we upgraded to some newer version
of Spring Security.
The relevant code is in RollerContext. initializeSecurityFeatures().
As a work-around, one may be able to configure secure login behavior by
modifying the Spring Security configuration file (security.xml) directly.
was:
The two Roller configuration properties mentioned in the summary no longer work
in Roller. Apparently they were broken when we upgraded to some newer version
of Spring Security.
The relevant code is in RollerContext. initializeSecurityFeatures().
As a work-around, one may be able to configure secure login behavior by
modifying the Spring Security configuration file (security.xml) directly.
> Schema Enforcement feature removed
> ----------------------------------
>
> Key: ROL-2100
> URL: https://issues.apache.org/jira/browse/ROL-2100
> Project: Apache Roller
> Issue Type: Bug
> Components: Authentication, Roles and Access Controls
> Affects Versions: 5.1.2
> Reporter: David Johnson
> Assignee: David Johnson
> Priority: Minor
> Fix For: 5.2.3
>
>
> Roller included a feature to force HTTPS to be used for login pages and HTTP
> for all other pages. This feature is removed in Roller 5.2.3. The best
> practice is to run everything on HTTPS and if you want something different,
> implement somewhere else, e.g. load balancer.
> Original text:
> The two Roller configuration properties mentioned in the summary no longer
> work in Roller. Apparently they were broken when we upgraded to some newer
> version of Spring Security.
> The relevant code is in RollerContext. initializeSecurityFeatures().
> As a work-around, one may be able to configure secure login behavior by
> modifying the Spring Security configuration file (security.xml) directly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
